vault-charm

vault charm should tune open file parameter

Bug #2060095 reported by Patrizio Bassi on 2024-04-03

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Vault Snap	Triaged	Medium	Unassigned
	vault-charm	Triaged	Medium	Unassigned

Bug Description

We are hitting a bug with vault deploy charm: during startup, before unsealing, it consumes all the 1024 default open files (fds).

according to
https://developer.hashicorp.com/vault/tutorials/operations/performance-tuning a reasonable value should be much higher for that process (65536)

I implemented a workaround

juju exec --application=vault -- 'cat /proc/$(pidof vault)/limits | awk "NR==1; /Max open files/"'
juju exec --application=vault -- "sed -i 's/\[Service\]/\[Service\]\nLimitNOFILE=65536'/ /etc/systemd/system/vault.service"
juju exec --application=vault -- "systemctl daemon-reload"
juju exec --application=vault -- "systemctl restart vault"
juju exec --application=vault -- 'cat /proc/$(pidof vault)/limits | awk "NR==1; /Max open files/"'

juju exec --application=vault -- "systemctl status vault"
juju exec --application=vault -- 'export VAULT_ADDR=http://127.0.0.1:8200 && /snap/bin/vault status'

Can you apply in the charm or at least expose a parameter can be set via juju?

Alex Kavanagh (ajkavanagh) on 2024-04-26

Changed in vault-charm:
importance:	Undecided → Medium
status:	New → Triaged

Revision history for this message

James Page (james-page) wrote on 2024-04-29:

Raising a task for the vault snap as well as newer versions can run the server daemon via the snap, rather than the charm provided systemd configuration.

Changed in snap-vault:
status:	New → Triaged
importance:	Undecided → Medium

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.